All releases of the Anomy mail sanitizer

Release Notes: HTMLCleaner was updated to avoid endless loops
with Perl 5.00503. Users can now specify certain
replacement tags in the configuration file. The
testall.sh script now warns users if they
attempt to use the Sanitizer in an UTF-8 enabled
environment. The test cases were updated for
FreeBSD 4.6.2 with Perl 5.00503, and fir
Unicode-enabled Red Hat 8 or 9 machines.

Release Notes: Workarounds for problems regarding how Outlook detects uuencoded attachments, protection against the Outlook "hidden attachment" exploit (caused by carriage returns in message headers), a few other minor bugfixes, and a more powerful attachment policy language. The HTML cleanup module is available as a seperate package for users and developers of other security tools.

Release Notes: This release includes a rewritten HTML sanitizer which enforces default-deny instead of the old default-allow policy, in addition to many other HTML-related improvements. It also adds generic detection of MIME-type/filename mismatches, which protects against bugs like those exploited by BadTrans and Nimda. Handling of invalid MIME was improved, the default configuration is more secure than before, a few bugs have been fixed, and rudimentary support for RFC2231 MIME-parameter encoding has been added.

Release Notes: Adding LINK and FRAMESET tags to list of defanged HTML tags, and fixes for logging bugs and charset and character mangling related issues. This release completes the refactoring of the Sanitizer from a monolithic script to a more OO design.

Release Notes: The FORM tag has been added to the HTML defanger, due to related vulnerabilities discussed on BUGTRAQ. The logging system has been rewritten, and other minor bugfixes and improvements have been made. Pleae note that scoring is disabled in this release, so if you are using it wait for 1.43 before upgrading.

Release Notes: This release contains multiple bugfixes to the MIME parser and filename policy code. Documentation on sendmail m4 configuration and sanitizing with Postfix has been added. The code has been reorganized a bit. A MIME simplifier has been added for people who want to strip attachments from messages destined for mailing lists.